What this book covers

Chapter One
                       Understanding what SQL injection is, and how it happens

Chapter Two 
                       How to find SQL injection from a web application front end, including
how to detect the possible presence of SQL injection, how to confirm SQL injection is present,
and how to automated finding SQL injection.

Chapter Three 
                            How to find SQL injection in software by reviewing the code, both
manually and via automation.

Chapter Four 
                       How to Exploit SQL injection, including common techniques, UNION
and conditional statements, enumerating the schema, stealing password hashes and automating

Chapter Five  
                      How to Exploit Blind SQL injection, including using time-based,
response-based and alternative channels to return data.

Chapter Six
                        Exploiting the Operating System via SQL injection, including reading and
writing files, and executing Operating System commands via SQL injection.

Chapter Seven
                            Advanced Exploitation Topics, including input filter evasion, exploiting
Second-Order SQL injection, exploiting client-side SQL injection and executing hybrid
attacks via SQL injection.

Chapter Eight
                          Defending your code against SQL injection, including design-based
approaches, use of parameterization, encoding, and validation approaches to avoid SQL

Chapter Nine
                         Defending your application platform against SQL injection, including use
of runtime protections, hardening the database and secure deployment considerations to
mitigate the impact of SQL injection.

Chapter Ten
                           Confirming and recovering from SQL injection attacks, including how to
determine if you’ve fallen prey to SQL injection, confirming whether the SQL injection was
successful, and how to recover if you’ve been hacked by SQL injection.

Chapter Eleven
                              References chapter, including a primer on SQL, a SQL injection quick
reference on Microsoft SQL Server, Oracle, MySQL, and PostgreSQL, as well as details of
SQL injection on other platforms such as DB2, Sybase, Access, and others.

Also, Subscribe to my youtube channel